CVE-2023-2925

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-2925

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2925.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-2925

Published

2023-05-27T09:15:09Z

Modified

2025-01-14T11:39:19.357730Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/krayin/laravel-crm

Affected ranges

Type: GIT
Repo: https://github.com/krayin/laravel-crm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

047292b8f98f1c3db43c44a53d86cd247b8f4e5e

Affected versions

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4